package org.spring.aicloud.config;

import jakarta.annotation.Resource;
import jakarta.servlet.Filter;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;

import java.util.List;

/**
 * @author yexiebao
 * @date 2025/5/11
 * Spring Security 配置类
 */
@Configuration
@EnableWebSecurity // 启用 WebSecurity
public class SecurityConfig {
    @Resource
    private LoginAuthenticationFilter loginAuthenticationFilter;
    @Bean
    public PasswordEncoder passwordEncoder() {
        //  创建 BCryptPasswordEncoder 对象，用于加密密码
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .httpBasic(AbstractHttpConfigurer::disable)//禁止明文验证
                .csrf(AbstractHttpConfigurer::disable)//禁用 CSRF 防护
                .formLogin(AbstractHttpConfigurer::disable)//禁用默认登录页
                .logout(AbstractHttpConfigurer::disable)//禁用默认注销页
                .headers(AbstractHttpConfigurer::disable)//禁用默认Header(支持iframe打开页面）
                .sessionManagement(session ->   // 禁用Session(项目中使用jwt进行验证）
                        session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth.requestMatchers(// 允许访问的URL
                        "/favicon.ico",
                        "/layui/**",
                        "/css/**",
                        "/js/**",
                        "/login.html",
                        "/register.html",
                        "/index.html",
                        "/captcha/**",
                        "/user/login",
                        "/user/register",
                        "/swagger-ui/**",
                        "/v3/**",
                        "/doc.html",
                        "/webjars/**",
                        "/"
                ).permitAll()
                        .anyRequest().authenticated()//
                )
                // 添加自定义过滤器
                //该代码将 loginAuthenticationFilter 插入到过滤器链中，位于 UsernamePasswordAuthenticationFilter 之前
                .addFilterBefore(loginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                .build();

    }
}